CSOs also reveal security concerns over application code

A survey of 757 organisations has found that 75% think their applications contain security holes that can be exploited by criminals.

Interviews conducted with a panel of 20 chief security officers (CSOs) also revealed that they are very concerned about the security of application code.

Professor Howard Schmidt, director, Fortify Software and a former adviser to the White House, said the figures were not that surprising.

He commented: ‘When organisations develop applications, quality is one of the highest priorities but security vulnerabilities are seldom recognized or fixed. Priority is often given to delivering application features and business benefits without the understanding of fundamental coding errors that lead to security issues. Cybercriminals are targeting applications to steal money and information, and they know all too well how to exploit vulnerabilities not only in commercial software but are also very adept in finding security holes in applications that are developed "in house". Business leaders need to set in place business software assurance processes including development practices designed to ensure that their applications are secure to protect the data of citizens, customers and shareholders from the new wave of threats from cybercriminals.’

‘Today's cybercriminals are highly sophisticated’, says Richard Kirk, vice president EMEA for Fortify. ‘Their technical expertise is extremely good, as is their knowledge of the systems they're trying to break into.’

He added: ‘They also have at their disposal the resources of large organised crime gangs who are fully aware that the world's police forces are woefully under-resourced for tracking down internet fraudsters. In the panel debate we will discuss the solutions to the problem of cyber-crime and application security.’